valleyrat_s2 | 2680-21-0x0000000010000000-0x0000000010024000-memory[.]dmp | Triage

Sharing

General

Target

2680-21-0x0000000010000000-0x0000000010024000-memory.dmp
Size

144KB
MD5

7f1b8465d7bcd50576e8ea39261d6081
SHA1

2f2bfc949bd1c29406cabcaebfdd4f659457672f
SHA256

17bcf22fac3e650231a57f198f7885f5d46ea6f5abfe0d6923a3c70b152b7a68
SHA512

2cdf91d566c27292ab96e3886a9f8c33b24a1719fb0eb592f366867dbe59b28287ec8ab3f83aa9ccdb24083dcd6570740a154166f9c8d88efe8039fb699e05df
SSDEEP

3072:oQWMJcsY7lE1g9DyLaoFtfiggN/YneX5zYAB:oQWlq1g1yLLfiggN/9sAB

Score

10^/10

valleyrat_s2

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

154.44.8.39:443

154.44.8.39:80

154.44.8.39:8011

Attributes

campaign_date
2025. 3. 7

Signatures

Valleyrat_s2 family
valleyrat_s2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2680-21-0x0000000010000000-0x0000000010024000-memory.dmp

Files

2680-21-0x0000000010000000-0x0000000010024000-memory.dmp
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ